The Security Service of Ukraine is accusing Russia of conducting more than 5,000 cyberattacks on Ukrainian critical infrastructure and government entities since 2014.
The Ukrainian government published the names, pictures, and purported intercepted phone conversations of Moscow’s Federal Security Service hackers.
The Biden administration has adopted a wait-and-see posture about whether the Russians will help America’s cybersecurity, but Ukraine is showing that it believes Moscow can’t be trusted.
The Ukrainian government said the Russian attackers wanted control over critical infrastructure such as power plants and heat and water supply systems, sought to steal and collect intelligence, worked to block information systems, and sought “information and psychological influence.”
“The SSU Cyber Security Department identified hackers of the notorious ARMAGEDON group, which carried out over 5,000 cyberattacks against public authorities and critical infrastructure of Ukraine,” said the SSU in a statement published Thursday on its website. “They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.”
The Russian Embassy in Washington declined to comment when asked about the SSU’s accusations.
The Ukrainians uploaded audio of the phone calls to YouTube with English-language captions translating the conversation, making it more accessible to a western audience as American policymakers debate how to address cyberattacks on critical infrastructure by Russia.
Earlier this week, CIA director William Burns visited Moscow and met with Russian Security Council Secretary Nikolai Patrushev, a former FSB head, according to Reuters and the Associated Press. Cybersecurity was a topic of discussion between Mr. Burns and his Russian counterpart, according to Reuters, which cited a source close to the FSB.
President Biden has urged Russian President Vladimir Putin to take action against cyberattackers and Mr. Biden has sought to place red lines around critical infrastructure sectors, which involve things like the security of America’s gas pipelines and water systems, among many other sectors.
Biden administration officials claimed this week it was too early to tell whether Mr. Biden’s policy toward Russia had yielded fewer cyberattacks.
National Cyber Director John C. Inglis told the House Homeland Security Committee that there has been a discernable decrease in attempted attacks from Russia, but he thought it was premature to reach a conclusion about the cause.
“It’s too soon to tell whether that is because of the material efforts undertaken by the Russians or the Russian leadership,” said Mr. Inglis on Wednesday. “It may well be that the transgressors in this space have simply [laid] low understanding that this is, for the moment, a very hot time for them.”
Army Gen. Paul Nakasone, National Security Agency director and commander of U.S. Cyber Command, also said Wednesday that “it’s too early to tell” whether Russia had acted to help America in dealing with ransomware attacks.
The Biden administration has previously blamed Russia for hacks disrupting the American government and has imposed sanctions. In April, the administration placed sanctions on Russia in response to the SolarWinds hack of computer network management software that compromised federal agencies.
The U.S. Treasury Department said in April that its sanctions were designed to cripple technology companies supporting Russia‘s malicious cyber activities and to prevent “certain dealings in Russian sovereign debt.”
Hacks and cyberattacks with connections to Russia have not ceased. Last week, the ransomware gang Grief claimed the National Rifle Association as a victim. Cybersecurity professionals have linked Grief to Evil Corp., which the U.S. Treasury Department sanctioned in 2019.